Linux Mint website hacked, malware embedded into release.

Discussion in 'Technical' started by kckndrgn, Feb 22, 2016.

  1. kckndrgn

    kckndrgn Monkey+++ Moderator Emeritus Founding Member

    Linux Mint hit by malware infection on its website, forum after hack attack

    While I have not downloaded a new ISO in a while, anyone who did over the weekend needs to take steps to get rid of the backdoor.

    I also read somewhere else that this affected the mirror sites, so it may take a while to get all the bad ISOs off the net. Double check the MD5 signatures when downloading. I used to think that it was a waste of time to check it, but not anymore.
  2. ghrit

    ghrit Bad company Administrator Founding Member

    Just when I am thinking about starting to look into Linux --
  3. melbo

    melbo Hunter Gatherer Administrator Founding Member

    It's not really a Linux security breach but sloppy website and package management security from the Mint team.
    Brokor and Wild Trapper like this.
  4. kckndrgn

    kckndrgn Monkey+++ Moderator Emeritus Founding Member

    Yup, from what I read, somewhere, don't recall at the moment, it was a hack in the WordPress software that allowed the hackers to point the download link to their server, where they had a customized ISO file that had the backdoor built in.
  5. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Want me to send you a USB stick with Fedora installed? Boot from USB and try it in a live environment without touching your HDD. Download Fedora Workstation
    sec_monkey likes this.
  6. ghrit

    ghrit Bad company Administrator Founding Member

    Thanx, but not yet. I've a couple bottlenecks to open first. The new laptop will have W10 on it, and I have to find a way to upgrade it to Pro. I think I have it sourced, but need to confirm. And, of course, the machine has to get here and customized. After all that, the old laptop gets the Linux treatment. If I can figure it out, will set it up as a dual boot if the HDD will let me. All that will just clutter my belfry at this point. (Talk about single bell belfries ---)
    kellory and HK_User like this.
  7. stg58

    stg58 Monkey+++ Founding Member

    Who did that?

    The hacked ISOs are hosted on and the backdoor connects to

    Both lead to Sofia, Bulgaria, and the name of 3 people over there. We don’t know their roles in this, but if we ask for an investigation, this is where it will start.

    What we don’t know is the motivation behind this attack. If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this.

    If you’ve been affected by this, please do let us know.

    Beware of hacked ISOs if you downloaded Linux Mint on February 20th!

    Lefebvre said in a blog post that only downloads from Saturday were compromised, and subsequently pulled the site offline to prevent further downloads.

    The hacker responsible, who goes by the name "Peace," told me in an encrypted chat on Sunday that a "few hundred" Linux Mint installs were under their control -- a significant portion of the thousand-plus downloads during the day.

    But that's only half of the story.

    Peace also claimed to have stolen an entire copy of the site's forum twice -- one from January 28, and most recently February 18, two days before the hack was confirmed.

    The hacker shared a portion of the forum dump, which we verified contains some personally identifiable information, such as email addresses, birthdates, profile pictures, as well as scrambled passwords.

    Those passwords might not stay that way for much longer. The hacker said that some passwords have already been cracked, with more on the way. (It's understood that the site used PHPass to hash the passwords, which can be cracked.)

    Lefebvre confirmed on Sunday that the forum had been breached.

    It later emerged that the hacker had placed the "full forum dump" on a dark web marketplace, a listing we were also able to verify exists. The listing was going for about 0.197 bitcoin at the time of writing, or about $85 per download.

    Peace confirmed the listing was theirs. "Well, I need $85," the hacker said jokingly.

    About 71,000 accounts have been loaded into breach notification site HaveIBeenPwned, it announced on Sunday. Just less than half of all accounts were already in the database. (If you think you might be affected by the breach, you can search its database for your email address.)
    Hacker explains how he put "backdoor" in hundreds of Linux Mint downloads | ZDNet
    Wild Trapper likes this.
  8. Altoidfishfins

    Altoidfishfins Monkey+++

    Downloaded Mint 17.3 KDE the weekend before on one of my machines. Whew!
  9. Wild Trapper

    Wild Trapper Pirate Biker

    Still using Mint 17 Mate, no plan to upgrade any time soon.
    Brokor likes this.
  10. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    If the job actually paid well, I would love to be the guy who travels around to pay these scumbag hackers a visit.
    Seriously --hack Microsatan or GE corporation for Pete's sake, even Apple-Tosh.
    Another brick in the wall, I guess. Linux is still the most secure OS on the planet.
    melbo and Wild Trapper like this.